TCP/IP is a suite of specialized protocols – including TCP, IP, UDP, ARP and many others called sub-protocols

TCP/IP originated with ARPANET in the late 1960s

TCP/IP would not have become so popular if it were not routable (routable protocols are protocols that can span more than one LAN segment because they carry Network layer addressing information)

TCP/IP is very flexible: it can run on virtually any combination of network operating systems or network media – but greater flexibility means more configuration

The TCP/IP Core Protocols

TCP (Transmission Control Protocol)

Operates in the Transport layer of the OSI model and provides reliable data delivery services

TCP is a connection-oriented sub-protocol, which means a connection must be established between the communication nodes before this protocol will transmit data

TCP ensures reliable data delivery through sequencing and checksums

TCP provides flow control to ensure that a node is not flooded with data

Fields described in TCP Segment

Source port – indicates the port number at the source node. A port number is the address on a host where an application makes itself available to incoming or outgoing data (i.e. port 80 for HTTP). Source port is 16 bits long.

Flags – a collection of six 1-bit fields that signal special conditions through flags (URG, ACK, PSH, RST, SYN, FIN)

URG – Urgent pointer field contains information for the receiver

ACK – Acknowledgement field contains information for the receiver

PSH – Indicates that data should be sent to an application without buffering

RST – The sender is requesting that the connection be reset

SYN – the sender is requesting a synchronization of the sequence numbers between the two nodes

FIN – the segment is the last in a sequence and the connection should be closed

Sliding window size (Window) – indicates how many bytes the sender can issue to a receiver while acknowledgement for this segment is outstanding. This field performs flow control, preventing the receiver from being deluged with bytes (16 bits long)

Options – specifies special options such as the max segment size a network can handle (size varies between 0 & 32 bits)

Padding – contains filler information to ensure that the size of the TCP header is a multiple of 32 bits (it is often 0)

Data – contains data originally sent by the source node. The size of the Data field depends on how much data needs to be transmitted, the constraints of the TCP Segment size imposed by the network type, and the limitation that the segment must fit within an IP datagram

UDP (User Datagram Protocol)

Belongs to the Transport layer of the OSI model

UDP is a connectionless transport service (it offers no assurance that packets will be received in the correct sequence or that they will be received at all)

Provides no error checking or sequencing

Its lack of sophistication (checking) results in it being faster than TCP

Useful in situations in which a great volume of data must be transferred quickly

UDP is more efficient than TCP for carrying messages that fit within one data packet

UDP header contains only four fields, source port, destination port, length and checksum (use of the checksum field is optional)

IP (Internet Protocol)

Belongs to the Network layer of the OSI model

Provides information about how and where data should be delivered, including the data’s source and destination addresses

IP is the sub-protocol that enables TCP/IP to internetwork (traverse more than one LAN segment and more than one type of router)

A packet is also known as an IP datagram which acts as an envelope for data and contains information necessary for routers to transfer data between different LAN segments

IP is an unreliable, connectionless protocol, which means that it does not guarantee delivery of data; however, higher-level protocols of the TCP/IP suite use IP to ensure that data packets are delivered to the right addresses

IP datagram does contain one reliability component – the header checksum – which verifies only the integrity of the routing information in the IP header

Version – identifies the version number of the protocol (4 bits long)

Internet header length (IHL) – identifies the number of 4-byte blocks in the IP header. This field is important because it indicates to the receiving node where data will begin (after the header ends)

Total length – identifies the total length of the IP datagram, including the header and data, in bytes. An IP datagram including header and data cannot exceed 65,535 bytes. The total length field is 16 bits long

Identification – identifies the message to which a datagram belongs and enables the receiving node to reassemble fragmented messages. This field and the following two fields (Flags & Fragment offset) assist in reassembly of fragmented packets.

Flags (DF & MF) – Indicates whether a message is fragmented and, if it is fragmented, whether this datagram is the last fragment

Fragment offset – Identifies where the datagram fragment belongs in the incoming set of fragments (13 bits long)

Time to Live (TTL) – Indicates the maximum time that a datagram can remain on the network before it is discarded. On modern networks it represents the number of times a datagram has been forwarded by a router (router hops). The TTL for datagrams is variable and configurable, but is usually set at 32 or 64. Each time a datagram is passed through a router its TTL is reduced by one.

Protocol – Identifies the type of Transport layer protocol that will receive the datagram (e.g. TCP or UDP).

Header checksum – Allows the receiving node to calculate whether the IP header has been corrupted during transmission

Source IP address – Identifies the full IP address of the source node

Destination IP address – Indicates the full IP address of the destination node

Options – May contain optional routing and timing information

Padding – Contains filler bits to ensure that the header is a multiple of 32 bits.

Data – Includes the data originally sent by the source node, plus information added by TCP in the Transport layer
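Worked example added to these notes (not from the original text): a small Python script that builds a constructed IPv4 datagram carrying a TCP segment, decodes the header fields listed above (IHL, total length, flags, fragment offset, TTL, protocol, addresses), verifies the header checksum, decodes the six TCP flag bits from the TCP segment section, and shows what a router does to the TTL and checksum on each hop. All addresses and values are made up.

```python
import struct

# Constructed sample values; nothing here comes from a real capture.
TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]   # TCP header byte 13, bit 0 .. bit 5


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words (RFC 791); returns 0 for a valid header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                           # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, ttl: int, protocol: int, payload_len: int) -> bytes:
    """Assemble a 20-byte header (version 4, IHL = 5, DF set, no options), checksum filled last."""
    header = struct.pack("!BBHHHBBH4s4s", (4 << 4) | 5, 0, 20 + payload_len, 0x1C46, 0x4000,
                         ttl, protocol, 0, bytes(map(int, src.split("."))),
                         bytes(map(int, dst.split("."))))
    return header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]


def parse_ipv4(packet: bytes) -> dict:
    """Decode the header fields listed above and verify the header checksum."""
    ver_ihl, _tos, total_length, ident, flags_frag, ttl, proto, _csum = struct.unpack("!BBHHHBBH", packet[:12])
    header_len = (ver_ihl & 0x0F) * 4            # IHL counts 4-byte blocks; the data starts here
    return {
        "version": ver_ihl >> 4,
        "header_len": header_len,
        "total_length": total_length,
        "identification": ident,
        "df": bool(flags_frag & 0x4000),
        "mf": bool(flags_frag & 0x2000),
        "fragment_offset": flags_frag & 0x1FFF,  # 13 bits
        "ttl": ttl,
        "protocol": {1: "ICMP", 6: "TCP", 17: "UDP"}.get(proto, str(proto)),
        "src": ".".join(map(str, packet[12:16])),
        "dst": ".".join(map(str, packet[16:20])),
        "checksum_ok": ipv4_checksum(packet[:header_len]) == 0,
        "data": packet[header_len:total_length],
    }


def tcp_flags(segment: bytes) -> list:
    """Names of the six 1-bit flags that are set in a TCP header."""
    flag_byte = segment[13] & 0x3F
    return [name for bit, name in enumerate(TCP_FLAG_NAMES) if flag_byte & (1 << bit)]


def forward_hop(packet: bytes) -> bytes:
    """What a router does per hop: discard on TTL 1, else decrement TTL and recompute the checksum."""
    if packet[8] <= 1:
        raise ValueError("TTL expired; datagram discarded")
    header_len = (packet[0] & 0x0F) * 4
    header = bytearray(packet[:header_len])
    header[8] -= 1
    header[10:12] = b"\x00\x00"                   # zero the field before recomputing
    header[10:12] = struct.pack("!H", ipv4_checksum(bytes(header)))
    return bytes(header) + packet[header_len:]


# Constructed TCP header: ports 40000 -> 80, flags SYN+ACK (0x12), window 65535, no data.
SAMPLE_TCP = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, 0x12, 65535, 0, 0)
SAMPLE_PACKET = build_ipv4_header("192.0.2.10", "198.51.100.7", 64, 6, len(SAMPLE_TCP)) + SAMPLE_TCP
```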

ICMP (Internet Control Message Protocol)

ICMP is a sub protocol in the TCP/IP suite

ICMP is a Network layer protocol that reports on the success or failure of data delivery

It can indicate when part of a network is congested, when data fails to reach its destination, and when data has been discarded because the allotted time for delivery has expired

ICMP announces these transmission failures to the sender but it cannot correct any errors it detects

IGMP (Internet Group Management Protocol)

Multicasting is a transmission method that allows one node to send data to a defined group of nodes

Routers use IGMP to determine which nodes belong to a certain multicast group and to transmit data to all nodes in that group

Network nodes use IGMP to join or leave multicast groups at any time

ARP (Address Resolution Protocol)

ARP is a Network layer protocol that obtains the MAC address of a host, or node, and then creates a database that maps the MAC address to the host’s IP address.

If one node needs to know the MAC address of another node, it broadcasts a message to the network using ARP that essentially says “Will the computer with the IP address xyz please send me its MAC address”

A broadcast is a transmission that is simultaneously sent to all nodes on a particular network segment.

The node that has the IP address xyz then broadcasts a reply that contains the physical address of the destination host

To make ARP more efficient, computers save MAC-to-IP address mappings in a database known as the ARP table

An ARP table can contain two types of entries, dynamic and static

Dynamic ARP table entries are created when a client makes an ARP request that cannot be satisfied by data already in the ARP table

Static ARP table entries are those that someone has entered manually using the ARP utility

RARP (Reverse Address Resolution Protocol)

If a device doesn’t know its own IP address, it cannot use ARP (because without an IP address, a device cannot issue an ARP request or receive an ARP reply)

One solution is to broadcast a message with its MAC address and receive an IP address in reply – this is known as RARP

RARP was originally developed as a means for diskless workstations to obtain their IP addresses

IPv4 Addressing

Networks recognize two types of addresses: logical (Network layer) and physical (MAC or hardware) addresses. Logical addresses can be manually or automatically assigned and must follow rules set by the protocol standards. In the TCP/IP protocol suite, IP is the core protocol responsible for logical addressing. For this reason, addresses on TCP/IP based networks are often called IP addresses.

Each IP address is a unique 32-bit number, divided into four octets, or sets of eight bits, that are separated by periods.

An IP address contains two types of information, network and host

From the first octet you can determine the network class (in traditional IP networks, 3 types of classes are used for LANs, Class A, Class B & Class C)

Class D & Class E addresses do exist, but are rarely used

Although eight bits have 256 possible combinations, only the numbers 1 to 254 can be used to identify networks and hosts in an IP address. The number 0 is reserved to act as a placeholder when referring to an entire group of computers on a network (e.g. 10.0.0.0 represents all devices whose first octet is 10).

The number 255 is reserved for broadcast transmissions (sending a message to the address 255.255.255.255 sends a message to all devices connected to your network)

Network founders intended the use of network classes to provide easy organization and a sufficient quantity of IP addresses on the Internet; however, this has not necessarily been realized

Binary and Dotted Decimal Notation

IP addresses are usually represented in dotted decimal notation which is a shorthand convention used to represent IP addresses and make them easy for people to read.

So 131.65.10.36 is dotted decimal notation and can be represented as 10000011 (131) 01000001 (65) 00001010 (10) 00100100 (36)

Subnet Mask

In addition to an IP address, every device on a TCP/IP based network is identified by a subnet mask which is a special 32-bit number that, when combined with a device’s IP address, informs the rest of the network about the segment or network to which the device is attached.

Like IP addresses, subnet masks are composed of four octets (32 bits) and can be expressed in either binary or dotted decimal notation.

Subnet masks are assigned the same way that IP addresses are assigned – either manually or automatically through a service such as DHCP.
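Added example (not part of the original notes): converting dotted decimal to the binary form shown above, reading the traditional class from the first octet, and ANDing an address with its subnet mask to find the network, broadcast and host portions. The address 131.65.10.36 is the one from the notes; the masks and other addresses are constructed.

```python
def dotted_to_int(addr: str) -> int:
    """131.65.10.36 -> one 32-bit number; each of the four octets must be 0..255."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(o < 0 or o > 255 for o in octets):
        raise ValueError(f"not a valid IPv4 address: {addr}")
    value = 0
    for o in octets:
        value = (value << 8) | o
    return value


def int_to_dotted(value: int) -> str:
    """The reverse: split a 32-bit number into four decimal octets."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary_octets(addr: str) -> str:
    """The binary notation the notes show for 131.65.10.36, one 8-bit group per octet."""
    value = dotted_to_int(addr)
    return " ".join(f"{(value >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))


def traditional_class(addr: str) -> str:
    """Class from the first octet: A 1-126, B 128-191, C 192-223, D 224-239, E 240-255."""
    first = dotted_to_int(addr) >> 24
    if first == 127:
        return "loopback"
    for name, low, high in (("A", 1, 126), ("B", 128, 191), ("C", 192, 223),
                            ("D", 224, 239), ("E", 240, 255)):
        if low <= first <= high:
            return name
    return "reserved"                        # first octet 0


def network_info(addr: str, mask: str) -> dict:
    """AND the address with its mask to find which segment the device is attached to."""
    a, m = dotted_to_int(addr), dotted_to_int(mask)
    host_bits = (~m) & 0xFFFFFFFF            # the 0-bits of the mask select the host part
    if host_bits & (host_bits + 1):          # a valid mask is a run of 1s followed by 0s only
        raise ValueError(f"not a contiguous subnet mask: {mask}")
    network = a & m
    return {
        "network": int_to_dotted(network),
        "broadcast": int_to_dotted(network | host_bits),   # host part all 1s
        "host_part": int_to_dotted(a & host_bits),
        "prefix_length": bin(m).count("1"),
        "usable_hosts": max(host_bits - 1, 0),  # all-0s and all-1s host parts are reserved
    }


def same_segment(addr_a: str, addr_b: str, mask: str) -> bool:
    """Two devices can exchange frames directly only if the mask puts them on one network."""
    return network_info(addr_a, mask)["network"] == network_info(addr_b, mask)["network"]
```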

Assigning IP Addresses

BOOTP (Bootstrap Protocol)

BOOTP is an Application layer protocol

In many ways it has been replaced by DHCP but is still used for diskless nodes

With BOOTP the network administrator sets up a table of every MAC address and the associated IP address; when a node boots, it makes a request to the BOOTP server and is given the IP settings based on its MAC address

The main difference between RARP and BOOTP is that BOOTP can supply more than just the IP address, it includes the IP address of the server and the router

Also a difference between RARP and BOOTP is that BOOTP can traverse more than one network, where RARP is restricted to a single network segment

DHCP (Dynamic Host Configuration Protocol)

Is an automated means of assigning a unique IP address to every device on a network

Belongs to the Application layer of the OSI model.

Operates similarly to BOOTP, but unlike BOOTP, DHCP does not require the network administrator to maintain a table of IP and MAC addresses on the server

DHCP does require the network administrator in charge of IP address management to install and configure the DHCP service on a DHCP server

Reasons for implementing DHCP include the following…

To reduce the time and planning spent on IP address management

To reduce the potential for errors in assigning IP addresses

To enable users to move their workstations and printers without having to change their TCP/IP configuration

To make IP addressing transparent for mobile users

DHCP Leasing Process

With DHCP, a device leases or borrows an IP address while it is attached to the network

The length of time a lease on the IP address remains in effect depends on the DHCP server setup and the client

A user can force a lease termination at the client, or a network administrator can force a lease termination at the server

Initiating a DHCP leasing process…

Configuring the DHCP service involves specifying a range of addresses that can be leased to any network device on a particular segment and a list of excluded addresses (if any)

After the DHCP server is running, the client and server take the following steps to negotiate the client’s first lease

When the client workstation is powered on and its NIC detects a network connection, it sends out a DHCP discover packet in broadcast fashion via the UDP protocol to the DHCP/BOOTP server

Every DHCP server on the same subnet as the client receives the broadcast request. Each DHCP server responds with an available IP address, while simultaneously withholding that address from other clients. The response message includes the available IP address, subnet mask, IP address of the DHCP server, and lease duration

The client accepts the first IP address that it receives, responding with a broadcast message that essentially confirms to the DHCP server that it wants to accept the address. Because this message is broadcast, all other DHCP servers that might have responded to the client’s original query see this confirmation and return the IP addresses they had reserved for the client to their pool of available addresses

When the selected DHCP server receives the confirmation, it replies to the client with an acknowledgement message. It also provides more information such as DNS, subnet mask, or gateway addresses that the client might have requested
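Added example (not from the original notes): a toy simulation of the four-step lease negotiation above with two DHCP servers on one segment. It shows each server withholding the address it offered, the non-selected server returning that address to its pool when it sees the client's broadcast request, the selected server's acknowledgement carrying the extra options, and a lease being released early. Server identifiers, addresses and options are constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

DISCOVER, OFFER, REQUEST, ACK = "DISCOVER", "OFFER", "REQUEST", "ACK"


@dataclass
class Message:
    kind: str
    client_mac: str
    server_id: Optional[str] = None          # which server the OFFER/ACK came from
    yiaddr: Optional[str] = None             # the address being offered or acknowledged
    options: Dict[str, str] = field(default_factory=dict)


@dataclass
class DhcpServer:
    server_id: str
    pool: List[str]                          # range of addresses that may be leased
    lease_seconds: int
    options: Dict[str, str]                  # subnet mask, router, DNS handed out with the ACK
    reserved: Dict[str, str] = field(default_factory=dict)   # mac -> address withheld after an OFFER
    leases: Dict[str, str] = field(default_factory=dict)     # mac -> address actually leased

    def handle(self, msg: Message) -> Optional[Message]:
        """Answer one broadcast from a client, or return None if there is nothing to say."""
        if msg.kind == DISCOVER:
            if not self.pool:
                return None                  # pool exhausted: no offer
            addr = self.pool.pop(0)
            self.reserved[msg.client_mac] = addr      # withheld from other clients meanwhile
            return Message(OFFER, msg.client_mac, self.server_id, addr,
                           {"subnet_mask": self.options["subnet_mask"],
                            "lease_seconds": str(self.lease_seconds)})
        if msg.kind == REQUEST:
            addr = self.reserved.pop(msg.client_mac, None)
            if addr is None:
                return None
            if msg.server_id != self.server_id:
                self.pool.insert(0, addr)    # client chose another server: back to the pool
                return None
            self.leases[msg.client_mac] = addr
            return Message(ACK, msg.client_mac, self.server_id, addr, dict(self.options))
        return None

    def release(self, client_mac: str) -> None:
        """Lease terminated early, from the client (ipconfig /release) or by the administrator."""
        addr = self.leases.pop(client_mac, None)
        if addr is not None:
            self.pool.append(addr)


def negotiate_lease(client_mac: str, servers: List[DhcpServer]) -> Optional[Message]:
    """Discover -> offer -> request -> ack. Both client messages are broadcast, so every server sees them."""
    offers = [o for o in (s.handle(Message(DISCOVER, client_mac)) for s in servers) if o is not None]
    if not offers:
        return None
    chosen = offers[0]                       # the client takes the first offer it receives
    request = Message(REQUEST, client_mac, chosen.server_id, chosen.yiaddr)
    acks = [a for a in (s.handle(request) for s in servers) if a is not None]
    return acks[0] if acks else None
```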

Terminating a DHCP lease…

A DHCP lease may expire based on the period established for it in the server configuration, or it may be manually terminated at any time from either the client’s TCP/IP configuration or the server’s DHCP side.

Initiating and terminating a DHCP lease in Windows

Terminating from the client – in the command window type ipconfig /release

Initiating from the client – in the command window type ipconfig /renew

APIPA (Automatic Private IP Addressing)

APIPA provides a computer with an IP address automatically (usually used if the DHCP server cannot be found)

After APIPA assigns an address, a computer can then communicate across a LAN, but can only communicate with other nodes using addresses in the APIPA range

When the DHCP server comes back on, APIPA then releases and the node takes on the assigned IP address from the DHCP server

APIPA is best suited for small networks

Determining in Windows if APIPA is enabled

In the command window type ipconfig /all (if the Autoconfiguration Enabled option is set to Yes, your computer is using APIPA)

IPv6 Addressing

IPv6 compared to IPv4

Offers more efficient header

Better security

Better prioritization provisions

Automatic IP address configuration

Main advantage is it offers more addresses

IPv4 addresses are 32 bits long; IPv6 addresses are made up of eight 16-bit fields for a total of 128 bits

The loopback address in IPv6 is 0:0:0:0:0:0:0:1 which using shorthand becomes ::1

IPv6 addresses can reflect the scope of a transmission’s recipients – i.e. a single node, a group, or a special kind of group

One type of IPv6 address is a unicast address, or an address that represents a single interface on a device

An anycast address represents any one interface from a group of interfaces
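Added example (not from the original notes): expanding an IPv6 address written with the :: shorthand back into its eight 16-bit fields, and compressing the eight fields into shorthand, so that 0:0:0:0:0:0:0:1 becomes ::1. The compression follows the usual rule of collapsing the longest run of zero fields (two or more) and dropping leading zeros within a field; other sample addresses are constructed.

```python
def expand_ipv6(addr: str) -> list:
    """Return the eight 16-bit fields of an IPv6 address, undoing any '::' shorthand."""
    if addr.count("::") > 1:
        raise ValueError("'::' may appear only once in an address")
    if "::" in addr:
        head, tail = addr.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero field")
        groups = left + ["0"] * missing + right
    else:
        groups = addr.split(":")
    if len(groups) != 8:
        raise ValueError(f"expected 8 fields, got {len(groups)}: {addr}")
    if any(not g or len(g) > 4 for g in groups):
        raise ValueError("each field is one to four hex digits (16 bits)")
    return [int(g, 16) for g in groups]


def compress_ipv6(fields: list) -> str:
    """Shorthand form: drop leading zeros and replace the longest run (>= 2) of zero fields with '::'."""
    if len(fields) != 8 or any(v < 0 or v > 0xFFFF for v in fields):
        raise ValueError("an IPv6 address is eight 16-bit fields")
    best_start, best_len = -1, 0
    run_start, run_len = -1, 0
    for i, v in enumerate(fields + [None]):      # sentinel closes the final run
        if v == 0:
            if run_len == 0:
                run_start = i
            run_len += 1
        else:
            if run_len > best_len:               # first longest run wins on a tie
                best_start, best_len = run_start, run_len
            run_len = 0
    hexes = [format(v, "x") for v in fields]     # leading zeros dropped per field
    if best_len < 2:
        return ":".join(hexes)
    left = ":".join(hexes[:best_start])
    right = ":".join(hexes[best_start + best_len:])
    return f"{left}::{right}"
```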

Sockets and Ports

Just as a device requires a unique address to send and receive information over the network, a process also requires a unique address. Every process on a machine is assigned a port number. A process’s port number plus its host machine’s IP address equals the process’s socket.

The use of port numbers simplifies TCP/IP communications and ensures that data are transmitted to the correct application

Port numbers range from 0 to 65535 and are divided by IANA into three types:

Well Known Ports – within the range of 0 to 1023 and are assigned to processes that only the operating system or an administrator of the system can access

Registered Ports – within the range of 1024 to 49151 and are accessible to network users and processes that do not have special administrative privileges

Dynamic and/or Private Ports – ranging from 49152 through 65535 and are open for use without restriction

Host Names and DNS

Every device on the Internet is technically known as a host.

Every host can take on a host name

Domain Names

Every host is a member of a domain, or a group of computers that belong to the same organization and have part of their IP addresses in common

A domain is identified by its domain name

Usually a domain name is associated with a company or other type of organization

Often when one refers to a machine’s host name, one in fact means its local host name plus its domain name (in other words its fully qualified host name)

A domain name is represented by a series of character strings, called labels, separated by dots

In the domain name www.google.com, com is the top-level domain (TLD), google is the second-level domain, and www is the third-level domain

Domain names must be registered with an Internet naming authority that works on behalf of ICANN

Host and domain names are subject to some restrictions - they consist of any alphanumeric combination up to a maximum of 63 characters, and can include hyphens, underscores, or periods in the name, but no other special characters.

Host Files

Host files are the old way of doing this: a text file is used to associate internal host names with their IP addresses

DNS (Domain Name System)

DNS refers to both the Application layer service that accomplishes this association and also to the organized system of computers and databases that makes this association possible.

The DNS service does not rely on one file or even one server, but rather on many computers across the globe – these computers are related in a hierarchical manner, with 13 computers known as root servers, acting as the ultimate authorities.

Because DNS is distributed, it will not fail catastrophically if one or a handful of servers experience errors

To direct traffic efficiently, the DNS service is divided into three components…

Resolvers

Name Servers

Namespace

Resolvers are any hosts on the Internet that need to look up domain name information. The resolver client is built into TCP/IP applications such as HTTP. If you point your Web browser to an HTTP URL, your HTTP client software initiates the resolver service to find the IP address for the URL. If you have visited the site before, the information may exist in temporary memory and may be retrieved very quickly. Otherwise, the resolver service queries your machine’s designated name server to find the IP address for the URL.

Name servers, or DNS servers, are servers that contain databases of associated names and IP addresses and provide this information to resolvers on request. If one name server cannot resolve the domain name to its IP address, it passes the query to a higher-authority name server until eventually it reaches a high enough authority that can provide the details required.

Namespace refers to the database of Internet IP addresses and their associated names. Namespace is not a database that you can open and view like a normal database, rather this abstract concept describes how the name servers of the world share DNS information. Pieces of it are tangible and are stored on a name server in a resource record, which is a single record that describes one piece of information in the DNS database.

In Windows a user can force a DNS record update by issuing the following command in a Windows console – ipconfig /registerdns

DDNS (Dynamic DNS)

In DDNS, a service provider runs a program on the user’s computer that notifies the service provider when the user’s IP address changes. Upon notification, the service provider’s server launches a routine that automatically updates the DNS record for that user’s computer. The DNS record update becomes effective throughout the Internet in a matter of minutes

DDNS does not take the place of DNS, but is an additional service. It is an affordable solution for small websites that do not want to pay the fees associated with a static IP address.

Associating host and domain names with computers on a TCP/IP-based network is performed by the Application layer protocol DNS.

Zeroconf (Zero Configuration)

Zeroconf is a collection of protocols designed by the IETF to simplify the setup of nodes on a TCP/IP network. It assigns a node an IP address, resolves the node’s host name and IP address without requiring a DNS server, and discovers services available to the node (e.g. print services) without requiring a DNS server. Read up more on Zeroconf in the textbook.

Application Layer Protocols

Telnet

Telnet is a terminal emulation protocol used to log on to remote hosts using the TCP/IP protocol suite.

Using Telnet, a TCP connection is established and keystrokes on the user’s machine act like keystrokes on the remotely connected machine

Telnet is often used to connect two dissimilar systems (e.g. Unix to Windows)